Privacy Policy — PromptScanner Extension
Last updated: May 2026
PromptScanner is a browser extension developed as a Final Year Project at Sultan Qaboos University. It analyzes Arabic text entered by users on AI chatbot websites before the text is submitted, helping users detect personal information and harmful content in their prompts.
Data We Process
When a user submits a prompt on a supported AI platform (such as ChatGPT, Gemini, Claude, Copilot, or Perplexity), the extension processes the text locally before submission and sends it to our backend server for analysis. This text may be considered personal communications and may contain personal or sensitive information depending on what the user has typed. This data is processed transiently and is never stored. The extension also stores the following locally in the browser:
Scan results: stored in session storage and cleared automatically when the browser closes
User preferences: such as language, dark mode, and auto-scan settings, stored in sync storage with no sensitive data
How We Use Data
The text is sent securely over HTTPS to our backend server for real-time analysis. The system performs three functions:
Personal Information Detection (PII): identifies names, phone numbers, email addresses, identification numbers, and other sensitive data patterns
Toxicity Classification: classifies the prompt into one of seven categories to detect harmful or unsafe content
Optional Prompt Rewriting: when the user requests it, a safe alternative version of the prompt is generated
For the rewriting feature, only the masked version of the prompt is sent to the rewrite service. Any personal data detected in the prompt is replaced with placeholder tags such as [PERS] or [PHONE] before the text leaves our server. The original text containing real personal data is never forwarded to the rewrite service.
Data Storage
We do not collect, store, or retain any personal data from users. All prompt data is processed temporarily in memory and discarded immediately after analysis. We do not store, save, log, or retain any user prompts or analysis results on our servers. All processing is performed in real time, and data is discarded immediately after the response is returned to the extension. No database, file system, or persistent storage is used for user data.
Data Sharing
We do not sell, share, or transfer user data to any third party for advertising, analytics, or any purpose unrelated to the core functionality of the extension.
Third-Party Services
The extension relies on the following external services to deliver its functionality:
Railway: hosts our FastAPI backend server that performs PII detection and toxicity classification. Data is processed temporarily and is not stored.
Groq API: used exclusively for the optional prompt rewriting feature. Only masked text with personal data removed is sent to this service.
HuggingFace: hosts our trained model files, which are downloaded to the server at startup. No user data is sent to HuggingFace.
User Control
Users have full control over whether their prompts are sent, masked, rewritten, or cancelled at every step. The extension never sends a prompt to the AI platform without the user’s explicit decision. The auto-scan feature can be disabled at any time through the extension settings.
Children’s Privacy
This extension is not directed at children under the age of 13. We do not knowingly collect any data from minors. If we become aware that such data has been provided, it will be deleted immediately.
Changes to This Policy
We may update this privacy policy as the extension evolves. Any changes will be reflected by updating the date at the top of this page.
Contact
If you have any questions or concerns about this privacy policy or how your data is handled, please contact us at: promptscanner.om@gmail.com